Merge pull request #173 from engineyard/format-security-groups

validate rds server security group associations

lib/fog/aws/requests/rds/create_db_instance.rb

@@ -82,6 +82,33 @@ module Fog
             raise Fog::AWS::RDS::InvalidParameterCombination.new('Requesting a specific availability zone is not valid for Multi-AZ instances.')
           end
 
+          ec2 = Fog::Compute::AWS::Mock.data[@region][@aws_access_key_id]
+
+          db_security_group_names = Array(options.delete("DBSecurityGroups"))
+          rds_security_groups     = self.data[:security_groups].values
+          ec2_security_groups     = ec2[:security_groups].values
+          vpc                     = !ec2[:account_attributes].find { |h| "supported-platforms" == h["attributeName"] }["values"].include?("EC2")
+
+          db_security_groups = db_security_group_names.map do |group_name|
+            unless rds_security_groups.find { |sg| sg["DBSecurityGroupName"] == group_name }
+              raise Fog::AWS::RDS::Error.new("InvalidParameterValue => Invalid security group , groupId= , groupName=#{group_name}")
+            end
+
+            {"Status" => "active", "DBSecurityGroupName" => group_name }
+          end
+
+          if !vpc && db_security_groups.empty?
+            db_security_groups << { "Status" => "active", "DBSecurityGroupName" => "default" }
+          end
+
+          vpc_security_groups = Array(options.delete("VpcSecurityGroups")).map do |group_id|
+            unless ec2_security_groups.find { |sg| sg["groupId"] == group_id }
+              raise Fog::AWS::RDS::Error.new("InvalidParameterValue => Invalid security group , groupId=#{group_id} , groupName=")
+            end
+
+            {"Status" => "active", "VpcSecurityGroupId" => group_id }
+          end
+
           data = {
             "AllocatedStorage"                 => options["AllocatedStorage"],
             "AutoMinorVersionUpgrade"          => options["AutoMinorVersionUpgrade"].nil? ? true : options["AutoMinorVersionUpgrade"],
@@ -93,7 +120,7 @@ module Fog
             "DBInstanceStatus"                 =>"creating",
             "DBName"                           => options["DBName"],
             "DBParameterGroups"                => [{ "DBParameterGroupName" => "default.mysql5.5", "ParameterApplyStatus" => "in-sync" }],
-            "DBSecurityGroups"                 => [{ "Status" => "active", "DBSecurityGroupName" => "default" }],
+            "DBSecurityGroups"                 => db_security_groups,
             "DBSubnetGroupName"                => options["DBSubnetGroupName"],
             "Endpoint"                         =>{},
             "Engine"                           => options["Engine"],
@@ -110,7 +137,7 @@ module Fog
             "ReadReplicaDBInstanceIdentifiers" => [],
             "StorageEncrypted"                 => options["StorageEncrypted"] || false,
             "StorageType"                      => options["StorageType"] || "standard",
-            "VpcSecurityGroups"                => options["VpcSecurityGroups"],
+            "VpcSecurityGroups"                => vpc_security_groups,
           }
 
           self.data[:servers][db_name] = data

lib/fog/aws/requests/rds/create_db_instance_read_replica.rb

@@ -61,6 +61,7 @@ module Fog
             'ReadReplicaSourceDBInstanceIdentifier' => source_identifier,
             'StorageType'                           => options['StorageType'] || 'standard',
             'StorageEncrypted'                      => false,
+            'VpcSecurityGroups'                     => source['VpcSecurityGroups'],
           }
           self.data[:servers][instance_identifier] = data
           self.data[:servers][source_identifier]['ReadReplicaDBInstanceIdentifiers'] << instance_identifier

lib/fog/aws/requests/rds/modify_db_instance.rb

@@ -63,16 +63,32 @@ module Fog
               #  modified_server = server["PendingModifiedValues"].merge!(options) # it appends
               #end
 
-              db_security_group_names = options.delete("DBSecurityGroups")
-              if db_security_group_names && db_security_group_names.any?
-                db_security_groups =
-                  db_security_group_names.inject([]) do |r, security_group_name|
-                  r << {"Status" => "active", "DBSecurityGroupName" => security_group_name }
+              db_security_group_names = Array(options.delete("DBSecurityGroups"))
+
+              rds_security_groups = self.data[:security_groups].values
+
+              db_security_groups = db_security_group_names.map do |r, group_name|
+                unless rds_security_groups.find { |sg| sg["DBSecurityGroupName"] == group_name }
+                  raise Fog::AWS::RDS::Error.new("InvalidParameterValue => Invalid security group , groupId= , groupName=#{group_name}")
+                end
+                r << {"Status" => "active", "DBSecurityGroupName" => group_name }
               end
 
-                options.merge!("DBSecurityGroups" => db_security_groups)
+              ec2_security_groups = Fog::Compute::AWS::Mock.data[@region][@aws_access_key_id][:security_groups].values
+
+              vpc_security_groups = Array(options.delete("VpcSecurityGroups")).map do |group_id|
+                unless ec2_security_groups.find { |sg| sg["groupId"] == group_id }
+                  raise Fog::AWS::RDS::Error.new("InvalidParameterValue => Invalid security group , groupId=#{group_id} , groupName=")
                 end
 
+                {"Status" => "active", "VpcSecurityGroupId" => group_id }
+              end
+
+              options.merge!(
+                "DBSecurityGroups"  => db_security_groups,
+                "VpcSecurityGroups" => vpc_security_groups
+              )
+
               self.data[:servers][db_name]["PendingModifiedValues"].merge!(options) # it appends
               self.data[:servers][db_name]["DBInstanceStatus"] = "modifying"
               response.status = 200